# Converting Cisco syslog messages to clogMessageGenerated SNMP traps

The AxoSyslog application can convert the syslog messages sent by Cisco devices to Cisco-specific SNMP traps defined by the CISCO-SYSLOG-MIB (`enterprises.cisco.ciscoMgmt.ciscoCiscoMIB`). Such traps are also referred to as `clogMessageGenerated` notifications. That way, the incoming log messages can be forwarded to devices used to process and analyze Cisco-specific SNMP traps. For this to work correctly, the following requirements must be met:

  * The Source Configuration Library (SCL) must be included in the AxoSyslog configuration file:
```
@include "scl.conf"
```

  * The pattern database described in [Parsing Cisco-specific message fields with patterndb](../../../docs/axosyslog-core/chapter-destinations/destination-snmp/cisco-syslog-snmp/index.md#cisco-snmp-patterndb) must be used to parse the incoming log messages.




To accomplish this, AxoSyslog has to use a special pattern database to parse the Cisco-specific syslog messages, because these messages do not comply with the standard syslog formats.

For details on the Cisco-specific SNMP trap format, see [CISCO-SYSLOG-MIB](<https://github.com/cisco/cisco-mibs/blob/main/schema/CISCO-SYSLOG-MIB.schema>).

## Parsing Cisco-specific message fields with patterndb

The `${PROGRAM}` part of the syslog messages sent by Cisco devices contains not only the program name, but other important protocol information as well: the Facility, the Severity, and the Mnemonic (the Cisco name) of the message. The following pattern database parses these values and makes them available as `.cisco.Facility`, `.cisco.Severity`, and `.cisco.MsgName`, respectively. The actual log message is available as `.cisco.MsgText`.
```
<patterndb version="4" pub_date="2011-05-03">
    <ruleset name="cisco snmp ruleset1" xml:id="480de478-d4a6-4a7f-bea4-0c0245d361e3">
        <description>Pattern for Cisco messages having BSD timestamps, for example: Jul 01 2010 00:32:59: %SYS-5-CONFIG_I: Configured from console by console</description>
        <pattern>%@ESTRING:.cisco.Facility:-@@ESTRING:.cisco.Severity:-@@ANYSTRING:.cisco.MsgName@</pattern>
        <rules>
            <rule xml:id="09944c71-95eb-4bc0-8575-936931d85713" provider="oneidentity" class="system">
                <patterns>
                    <pattern> @ANYSTRING:.cisco.MsgText@</pattern>
                </patterns>
            </rule>
        </rules>
    </ruleset>
    <ruleset name="cisco snmp ruleset2" xml:id="480de478-d4a6-4a7f-bea4-0c0245d361e3">
        <description>Pattern for Cisco messages having cisco-specific timestamps, for example: 18: Jan 22 10:45:44.543: %SYS-5-CONFIG_I: Configured from console by console</description>
        <rules>
            <rule xml:id="09944c71-95eb-4bc0-8575-936931d85714" provider="oneidentity" class="system">
                <patterns>
                    <pattern>%@ESTRING:.cisco.Facility:-@@ESTRING:.cisco.Severity:-@@ESTRING:.cisco.MsgName::@ @ANYSTRING:.cisco.MsgText@</pattern>
                </patterns>
            </rule>
        </rules>
    </ruleset>
</patterndb>
```
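The field extraction performed by the second ruleset's pattern can be checked offline before traps are built from it. The following Python sketch is an added example, not part of AxoSyslog or its documentation: it imitates `ESTRING` (read up to the first delimiter) and `ANYSTRING` (read the rest). The `%` prefix skip, the `severity_ok()` check, and the second sample message are assumptions made for illustration.

```python
"""Offline imitation of the 'cisco snmp ruleset2' rule pattern (added example)."""

# First line is the example from the ruleset description; second is constructed.
SAMPLES = [
    "18: Jan 22 10:45:44.543: %SYS-5-CONFIG_I: Configured from console by console",
    "19: Jan 22 10:45:45.100: %FAC-SUB-3-EVENT: constructed text, extra hyphen part",
]

def estring(text, pos, delim):
    """Like @ESTRING@: return (value, next_pos) up to the first delim, else None."""
    end = text.find(delim, pos)
    if end == -1:
        return None
    return text[pos:end], end + len(delim)

def parse_cisco(msg):
    """Extract the .cisco.* fields from '%FAC-SEV-MNEMONIC: text', or return None."""
    # Assumption: everything before '%' (sequence number, timestamp) is skipped
    # here; in the real pipeline the syslog header parsing deals with it.
    start = msg.find("%")
    if start == -1:
        return None
    pos, fields = start + 1, {}
    for name, delim in ((".cisco.Facility", "-"),
                        (".cisco.Severity", "-"),
                        (".cisco.MsgName", ":")):
        step = estring(msg, pos, delim)
        if step is None:
            return None
        fields[name], pos = step
    if not msg.startswith(" ", pos):          # literal space in the pattern
        return None
    fields[".cisco.MsgText"] = msg[pos + 1:]  # @ANYSTRING@: rest of the line
    return fields

def severity_ok(fields):
    """Assumed sanity check: a syslog severity is a single digit 0-7."""
    return fields is not None and fields[".cisco.Severity"] in set("01234567")

if __name__ == "__main__":
    for line in SAMPLES:
        parsed = parse_cisco(line)
        print("ok " if severity_ok(parsed) else "BAD", parsed)
```

Because each `ESTRING` stops at the first hyphen, the constructed second message ends up with a non-numeric `.cisco.Severity`, which the check flags instead of passing it on.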

## Sending clogMessageGenerated SNMP traps

To send out `clogMessageGenerated` SNMP traps, use the `cisco-snmp()` destination driver. The `cisco-snmp()` destination is a modified version of the `snmp()` destination driver.

Note: The `cisco-snmp()` driver is actually a reusable configuration snippet. For details on using or writing SCLs, see [Reusing configuration blocks](../../../docs/axosyslog-core/chapter-configuration-file/large-configs/config-blocks/index.md).

The `cisco-snmp()` driver has the same requirements and options as the `snmp()` destination driver, but automatically fills the clogMessageGenerated-specific fields with the data received from parsing the Cisco-specific syslog messages using the pattern database. For details, see the `<INSTALLDIR>/share/include/scl/snmp/plugin.conf` file.

Declaration:
```
destination d_cisco_snmp {cisco-snmp(host(<hostname>));};
```

## Example: Defining a Cisco-specific SNMP destination

The following example defines an SNMP destination that sends out clogMessageGenerated messages using the SNMPv3 protocol.
```
destination d_cisco_snmp {
    cisco-snmp(
        host("192.168.1.1")
        version("v3")
        # Engine ID: a hexadecimal number starting with 0x
        engine-id('0xdeadbeefde')
        auth-username('myusername')
        auth-password('password')
        enc-password('password')
    );
};
```

Last modified November 20, 2024: [Broken link updates (5644de9a)](<https://github.com/axoflow/axosyslog-core-docs/commit/5644de9a8069da37e3bebf0ed5a4e73cf958a66b>)